Updated May 13, 2019 Our Privacy Policy At InboxFirst, we respect and protect the privacy of our customers and those who use our websites, products and services. This privacy statement provides details about how your personal information is collected and used. Personal information is any information that identifies you or would enable someone to contact you, such as your name, email address, phone number and other non-public information that is associated with such information. This privacy statement applies to the InboxFirst website, products and services that are located in the inboxfirst.com domain and any other sites owned or operated by InboxFirst (the “Sites”). Statement Summary The summary below provides the key concepts of the full InboxFirst Privacy Statement. Information Collection and Use by Us We obtain any information that you provide to us on the Sites, including activity on our Sites that we collect by means of log files. We may monitor or record any of your telephone conversations with us for quality control purposes, for purposes of training our employees and for our own protection. We acknowledge your ownership rights in your contact lists, content and phone numbers. We will never sell or rent this information without your permission, and will never use it for any purpose other than providing you with and improving our products and services or as described in this privacy statement. Security and Privacy We employ reasonable technical, administrative and physical safeguards to protect the confidentiality and security of your personal information. Sharing of Information We will never sell or rent your personal information to third parties for their use without your consent. Cookies and Web Beacons We use cookies and other technology to keep track of your online interaction with our Sites. International Use We are headquartered in the United States of America and you explicitly acknowledge and consent to the fact that personal information stored or processed in the United States will be subject to the laws of the United States. Notification of Changes If we decide to change this privacy statement in any material way, we will notify you here, by email, or by means of a notice on the InboxFirst website. For major changes in how we use personally identifying data, we will provide advance notice. In all cases, your continued use of our Websites or our products and services constitutes consideration and your binding acceptance to any such changes. 1. Information We Collect (Customers) Information You Provide to Us: When you register to use InboxFirst, communicate with our customer service team, send us an email, or post on our blog, you’re giving us information that we collect. That information may include your IP address, name, physical address, email address, phone number, credit card information, and other details like gender, occupation, and other demographic information. By giving us this information, you consent to your information being collected, used, disclosed, and stored by us, only as described in our Terms of Service and Privacy Policy. List and Email Information: When you add an email Distribution List or create an email with InboxFirst services, we have access to the data on your list and the information in your email. Information from your Use of InboxFirst services: We may get information about how and when you use InboxFirst services. This information may include your IP address, time, date, browser used, and actions taken by you within the application. Cookies: When you register to use InboxFirst services, we store “cookies,” which are strings of code, on your computer. We use those cookies to collect information about when you visit our Websites, when you use the Services, your browser type and version, your operating system, and other similar information. You may turn off cookies that have been placed on your computer by following the instructions on your browser, but if you block our cookies, it may be more difficult (and maybe even impossible) to use InboxFirst services. Web Beacons: When we send emails to registered InboxFirst customers, we’ll sometimes track who opened the emails and who clicked the links. We do that to measure our Email Campaigns’ performance and to improve our features for specific segments of customers. To do this, we include single pixel gifs, also called web beacons, in emails we send. Web beacons allow us to collect information about when you open the email, your IP address, your browser or email client type, and other similar details. We also include Web Beacons in the emails we deliver for you. We use the data from those Web Beacons to create the reports you see about who has or hasn’t opened emails or clicked links. Reports are also available to us when we send you email, so we may collect and review that information. Information from Other Sources: We may get more information about you, like name, age, and participation in social media websites, by searching the internet or querying third parties (we’ll refer to that information as Supplemental Member Information). We only collect data that’s publicly available or provided by a third party according to its terms of use. 2. Information We Collect (Subscribers) The Personal Information that we may collect or receive about you broadly falls into the following categories: (i) Information we receive about Contacts from our Customers: A Customer may provide Personal Information about you to us through the Services. For example, when a Customer uploads their Distribution List or integrates the Services with another website or service (for example, when a Customer chooses to connect their e-commerce account with InboxFirst), or when you sign up for a Customer’s Distribution List on a InboxFirst signup form, they may provide us with certain contact information or other Personal Information about you such as your name, email address, address or telephone number. You may have the opportunity to update some of this information by electing to update or manage your preferences via an email you receive from a Customer. (ii) Information we collect automatically: When you interact with an email campaign that you receive from a Customer or browse or purchase from a Customer’s connected store, we may collect information about your device and interaction with an email. We use cookies and other tracking technologies to collect some of this information. (iii) Information we collect from other sources: From time to time, we may obtain information about you from third-party sources, such as social media platforms and third-party data providers. We take steps to ensure that such third parties are legally or contractually permitted to disclose such information to us, and we use this information to provide publicly available social media information about you to Customers who have enabled the “Social Profiles” feature in their InboxFirst accounts. Use of Personal Information We may use the Personal Information we collect or receive about you for our legitimate business interests, including: To enforce compliance with our Terms of Use and applicable law. This may include developing tools and algorithms that help us prevent violations. To protect the rights and safety of our Customers and third parties, as well as our own. To meet legal requirements, including complying with court orders, valid discovery requests, valid subpoenas, and other appropriate legal mechanisms. To provide information to representatives and advisors, including attorneys and accountants, to help us comply with legal, accounting, or security requirements. To prosecute and defend a court, arbitration, or similar legal proceeding. To respond to lawful requests by public authorities, including to meet national security or law enforcement requirements. To provide, support and improve the Services. For example, this may include sharing your information with third parties in order to provide and support our Services or to make certain features of the Services available to our Customers. For our data analytics projects. Our data analytics projects use data from InboxFirst accounts, including your Personal Information, to provide and improve the Services. We use information, like your purchase history, provided to us by Customers, so we can make more informed predictions, decisions, and products for our Customers. For example, we use data from InboxFirst accounts to enable product recommendation, audience segmentation, and predicted demographics features for our Customers. If you prefer not to share this data, you can opt out of data analytics projects at any time by emailing us at support@inboxfirst.com. Other purposes. To carry out other legitimate business purposes, as well as other lawful purposes. Cookies and Tracking Technologies We and our partners may use various technologies to collect and store information when you interact with a Customer’s email campaign or connected store, and this may include using cookies and similar tracking technologies, such as pixels and web beacons. For example, we use web beacons in the emails we send on behalf of our Customers. When you receive and engage with a Customer’s campaign, web beacons track certain behavior such as whether the email sent through the InboxFirst platform was delivered and opened and whether links within the email were clicked. They also allow us to collect information such as your IP address, browser, email client type, and other similar details. We use this information to measure the performance of our Customers’ email campaigns, and to provide analytics information and enhance the effectiveness of our Services.Our use of cookies and other tracking technologies is discussed in more detail in our Cookie Statement here. Legal Basis for Processing We process Personal Information about you as a data controller as described in this section, where such processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. Our legitimate interests typically include: improving, maintaining, providing, and enhancing our technology, products and services; ensuring the security of the Services and our Website; and for our marketing activities. Other Data Protection Rights You may have the following data protection rights: To access, correct, update or request deletion of your Personal Information. InboxFirst takes reasonable steps to ensure that the data we collect is reliable for its intended use, accurate, complete, and up to date. You may contact us directly at any time about accessing, correcting, updating or deleting your Personal Information, or altering your data, by emailing us at support@inboxfirst.com. We will consider your request in accordance with applicable laws. In addition, if you are a resident of the EEA, you can object to processing of your Personal Information, ask us to restrict processing of your Personal Information or request portability of your Personal Information. Again, you can exercise these rights by emailing us at support@inboxfirst.com. You have the right to complain to a data protection authority about our collection and use of your Personal Information. For more information, please contact your local data protection authority. Role of the Parties. As between InboxFirst and Customer, Customer is the Data Controller of Customer Data, and InboxFirst will process Customer Data only as a Data Processor acting on behalf of Customer. Customer Processing of Customer Data. Customer agrees that: (i) it will comply with its obligations as a Data Controller under Data Protection Laws in respect of its processing of Customer Data and any processing instructions it issues to InboxFirst; and (ii) it has provided notice and obtained (or will obtain) all consents and rights necessary under Data Protection Laws for InboxFirst to process Customer Data and provide the Services pursuant to the Agreement and this Policy. 3. Content of Email Campaigns When you send email marketing, it bounces around from server to server as it crosses the internet. Along the way, server administrators can read what you send. Email wasn’t built for confidential information. If you have something confidential to send, please don’t use InboxFirst. Sometimes we review the content of our Members’ email campaigns to make sure they comply with our Terms of Service. To improve that process, we have software that helps us find email campaigns that may violate our Terms. Our employees or independent contractors may review those particular Email Campaigns. This benefits all of our Members who comply with the Terms of Service because, among other things, it reduces the amount of spam being sent through our servers and helps to maintain high deliverability. 4. Your Distribution Lists Your subscriber lists are stored on a secure InboxFirst server. We don’t, under any circumstances, sell your lists, contact people on your lists, market to people on your lists, steal your lists, or share your lists with any other party, unless it’s required by law. If someone on your list complains or contacts us, we may then contact that person. Only authorized employees have access to view Distribution Lists. You may export (download) your lists from InboxFirst at any time, as long as we have a copy. 5. Notice of Breach of Security Nobody’s safe from hackers. If a security breach causes an unauthorized intrusion into our system that materially affects you or people on your Distribution Lists, then InboxFirst will notify you as soon as possible and later report the action we took in response. 6. Safeguarding Your Information InboxFirst accounts require a username and password to log in. You must keep your username and password secure, and never disclose it to a third party. Because the information in your Distribution Lists is so sensitive, account passwords are encrypted, which means we can’t see your passwords. We can’t resend forgotten passwords either. We’ll only reset them. 7. Accuracy of Data We do our best to keep your data accurate and up to date, to the extent that you provide us with the information we need to do that. If your data changes (like a new email address), then you’re responsible for notifying us of those changes. We only store data about you for as long as it’s reasonably required to fulfill the purposes that gave us the right to access it in the first place. We keep some data indefinitely, relating to when and where emails were sent, which bounced, which resulted in a complaint, and similar information, because we use it to help us screen out people who violate SPAM laws, and for other reasons explained in this policy.